Marxism
mailing list archive
Hacker Attack -- a digital Gulf of Tonkin?
- Subject: Hacker Attack -- a digital Gulf of Tonkin?
- From: "Jose G. Perez" <jose_g_perez@xxxxxxxxxxxxx>
- Date: Sun, 13 Feb 2000 23:20:33 -0800
The Clinton administration is preparing a new wave of proposals for U.S.
government intervention into the Internet, with a web security "summit"
scheduled for the White House in a couple of days.
The pretext for this intensified offensive was the "distributed Denial
of Service" attacks which hit yahoo, MSNBC, CNN, ebay and a few other
corporate web sites last week.
The media and the government were unanimous in blaming "hackers" for the
actions, but many people in hacker circles say it just plain wasn't them,
and more to the point, it wasn't even LIKE them. The attack involved no new
technology, no previously undiscovered security flaws, no propaganda or
humor, no glory, however anonymous or pseudonymous, for its perpetrator.
The technique used has been around for several years and is clumsy in
the extreme.
It simply consists of planting a small program in as many insecure
permanently web-connected computers as you can find. Then you simply point
them all at a given site and have the programs repeatedly ask it for data,
giving a false return address (so that the connection eventually times out,
but takes up computer resources in the attacked web servers in the
meantime).
Hackers have been pointing to this weakness in the Internet's
architecture for years, and a few months ago, a 20-year-old German hacker
placed on the Internet a new, more robust version of software for carrying
out such attacks to call attention to the danger.
A permanent solution to the problem will have to await agreements on new
versions of the basic Internet protocols, but in the meantime, protecting a
web host from such a primitive, brute-force attack is fairly
straightforward. All you have to do is to have a small program monitoring
traffic on the router(s) that lead to a certain address. If you suddenly get
a lot of these nonsensical pings or requests for data, the router
automatically sends them to bit heaven. That's how last week's attacks were
dealt with.
It may seem like a huge pain and diversion of resources, but it really
isn't. You could configure your monitor program to not execute until load
levels reach very high levels, and even then to be effective against a
distributed DoS the router only need check a small portion of incoming
traffic to detect the pattern and activate robust filters to delete bogus
messages before they reach the server.
It is, of course, entirely possible that some 14-year-old used the
German program, or any number of similar utilities lying around the
Internet, to launch the attack. But the pattern then doesn't quite make
sense. Because after hitting some of the best known sites on the net, the
attacks then moved to online stock trading sites that are much less well
known. Having hit CNN, why not continue with other prominent news sites?
Whatever the reason, there's a coincidence that is very striking.
A week before the hack attack, President Clinton proposed increasing the
FBI's "Internet crime" budget by about 40%. A few weeks before that, the
Pentagon announced it was stepping up its preparation to "defend" the U.S.
against a "cyber war."
This attack, generating maximum publicity and absolutely no permanent
damage or significant loss of revenue, could not have come at a better time
in the government's offensive to get control of the Internet if the
government had planned it itself.
Which is, of course, precisely what many in the hacker community
suspect.
Especially suspicious are repeated FBI statements --off the record, of
course-- that the perpetrator may never be caught and so on, that it could
have been someone halfway around the world, etc.
"Space Rogue" -- one of the leading hacker voices, who is associated
with L0pht Heavy Industries in Boston, notes in his hacker newsletter that
there's been no rumblings in the hacker underground about the source of the
attack, something extremely unlikely if the attack originated there.
The folks at cDc (Cult of the Dead Cow) --authors of Back Orifice, a
neat little utility that allowed anyone to take control of networks "powered
by" Microsoft's supposedly invulnerable "Back Office"--said pretty much the
same thing.
2600 Magazine -- associated with the so-called "Black Hat" hackers -- pretty
much openly accuses the government of doing it.
And even the mainstream bourgeois press in technology centers, where the
cat is out of the bag anyways, has reflected this analysis. Dan Gillmor, of
the San Jose Mercury News writes,
"The Net is swarming with rumor and speculation, including a swath of
opinion laying the responsibility for the attacks at the door of the
National Security Agency, FBI and other bodies that would love to find ways
to control this largely uncontrollable new medium. I know they're that
devious, but I can't believe they're that brazen."
However, those familiar with the U.S. government's history of
provocations and deceptions --everything from the FBI's COINTELPRO "dirty
tricks" campaigns to the Gulf of Tonkin Resolution-- know that, indeed, the
government IS that brazen.
Jose
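
The router-side check the message describes (stay idle under normal load, then inspect a small share of traffic to spot the pattern), sketched as an added example that is not part of the original post. The record format, thresholds, function names and addresses are assumptions constructed for illustration.

```python
import random
from collections import Counter

def flooded_destinations(window, load_gate=1000, sample_rate=0.05,
                         min_syn=30, max_completed=0.2, seed=1):
    """Return destinations whose sampled traffic looks like a request flood.

    window: one second of (src, dst, flag) records, flag "SYN" or "ACK".
    All thresholds are illustrative assumptions, not values from the post.
    """
    if len(window) < load_gate:          # normal load: monitor stays idle
        return set()
    rng = random.Random(seed)            # fixed seed keeps the demo repeatable
    syn, ack = Counter(), Counter()
    for src, dst, flag in window:
        if rng.random() >= sample_rate:  # inspect only a small share
            continue
        (syn if flag == "SYN" else ack)[dst] += 1
    # Forged return addresses never complete the handshake, so a flood
    # shows many sampled requests and almost no completions.
    return {d for d, n in syn.items()
            if n >= min_syn and ack[d] / n <= max_completed}

# --- constructed sample traffic (documentation address ranges) ---
SITE = "203.0.113.10"

def legit(n_clients):
    """Each client opens and completes a connection."""
    out = []
    for i in range(n_clients):
        src = f"198.51.100.{i % 250 + 1}"
        out += [(src, SITE, "SYN"), (src, SITE, "ACK")]
    return out

def spoofed(n):
    """Requests whose source is forged, so no completion ever arrives."""
    return [(f"192.0.2.{i % 250 + 1}", SITE, "SYN") for i in range(n)]

def demo():
    quiet = flooded_destinations(legit(100))                  # below the gate
    busy = flooded_destinations(legit(2000))                  # heavy but real
    attack = flooded_destinations(legit(50) + spoofed(5000))  # flood
    return quiet, busy, attack

if __name__ == "__main__":
    print(demo())
```

Heavy but genuine traffic is not flagged because its sampled requests are matched by completions; only the window dominated by never-completed requests is returned for filtering.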